magnolia25 Posted June 8, 2006

umm...yeah I'm stuck with this sweepstakes.com thing..I did the HijackThis. here's the scan

please let me know what to do. simple directions would be appreciated..thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:45:15 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\program files\common files\system\ms2src.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\17NPJL7K\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab
O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Steamhead Posted June 8, 2006

Hello magnolia25

STEP 1:

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.

Install ewido anti-malware

When installing, under "Additional Options" uncheck..
  - Install background guard
  - Install scan via context menu

- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
  - On the left hand side of the main screen click update.
  - Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.

STEP 2:

You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder

1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
2. Download HijackThis to the new folder:
3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
4. Close ALL windows except HJT
5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')
6. POST the log in this thread along with the Ewido log using 'Add Reply' (Ctrl-V to 'paste')

Please make sure you post the entire log including the top portion:

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER
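
Added example, not part of Steamhead's post and not code from HijackThis: a Python pre-flight check for a pasted HijackThis log that tests the two things Step 2 asks for, namely that the top portion of the log is present and that HijackThis was not run from a temporary directory. The function names and the temp-path markers are assumptions made for this example; the sample logs are abridged from the logs posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Assumed markers for temporary locations on a Windows XP profile (lower-case).
TEMP_MARKERS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\temp\\")

# The "top portion" of a HijackThis log: version, scan time, platform, browser.
HEADER_FIELDS = {
    "version": re.compile(r"^Logfile of HijackThis v(\S+)", re.I),
    "saved": re.compile(r"^Scan saved at (.+)$", re.I),
    "platform": re.compile(r"^Platform: (.+)$", re.I),
    "msie": re.compile(r"^MSIE: (.+)$", re.I),
}
# Item lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


@dataclass
class HjtLog:
    header: dict = field(default_factory=dict)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)  # (section code, rest of line)


def parse_hjt_log(text):
    """Split a log into header fields, running processes and item entries."""
    log, in_processes = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            log.entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            log.processes.append(line)
        else:
            for name, rx in HEADER_FIELDS.items():
                m = rx.match(line)
                if m:
                    log.header[name] = m.group(1)
    return log


def hijackthis_path(log):
    """Return the process-list path of HijackThis itself, or None."""
    for path in log.processes:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # A browser-cache copy is saved with a suffix such as HijackThis[1].exe.
        if re.fullmatch(r"hijackthis(\[\d+\])?\.exe", name):
            return path
    return None


def preflight(text):
    """List what a helper would ask the poster to fix before reading the log."""
    log, problems = parse_hjt_log(text), []
    missing = [f for f in HEADER_FIELDS if f not in log.header]
    if missing:
        problems.append("header incomplete: missing " + ", ".join(missing))
    if not log.entries:
        problems.append("no R/F/N/O entries found")
    if not log.processes:
        problems.append("no running-process list")
        return problems
    exe = hijackthis_path(log)
    if exe is None:
        problems.append("HijackThis.exe not found in the process list")
    elif any(marker in exe.lower() for marker in TEMP_MARKERS):
        problems.append("HijackThis run from temporary directory: " + exe)
    return problems


# Sample input, abridged from the logs in this thread.
_HEAD = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:45:15 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
"""
_ENTRIES = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
SAMPLE_TEMP = _HEAD + (
    r"C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files"
    r"\Content.IE5\17NPJL7K\HijackThis[1].exe") + "\n" + _ENTRIES
SAMPLE_OK = _HEAD + r"C:\HJT\HijackThis.exe" + "\n" + _ENTRIES
SAMPLE_HEADLESS = _ENTRIES  # pasted without the top portion

if __name__ == "__main__":
    for label, sample in (("temp", SAMPLE_TEMP), ("ok", SAMPLE_OK),
                          ("headless", SAMPLE_HEADLESS)):
        print(label, preflight(sample) or "ready for review")
```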

magnolia25 Posted June 8, 2006

allrighty, here they are--

Logfile of HijackThis v1.99.1
Scan saved at 1:04:46 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\program files\common files\system\ms2src.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab
O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:57:34 PM, 6/8/2006
+ Report-Checksum: 470DFD15

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Pinfo -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Pinfo\Dialers -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers\HotBlondes -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers\Lisa -> Dialer.Generic : Cleaned
with backup
C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and 
Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and 
Settings\Patricia\Cookies\patricia@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Patricia\Cookies\patricia@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_108.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_12C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_144.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_14C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_2F4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and 
Settings\Patricia\Local Settings\Temp\lf_340.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_388.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_410.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_414.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_520.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_538.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_53C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_660.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_678.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_6A0.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_6C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_708.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_748.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_754.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_770.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_7D8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_7F0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_84.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and 
Settings\Patricia\Local Settings\Temp\lf_858.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_864.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_86C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_880.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8B4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8C0.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_944.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_95C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_98.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_9C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_9CC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A6C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_AC.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_B0.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_B4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and 
Settings\Patricia\Local Settings\Temp\lf_B8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_BC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_D0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_DC8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_EA0.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_FC.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Patricia\Local Settings\Temp\lf_FFC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\stephanie@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\stephanie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Stephanie\Cookies\stephanie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_134.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_138.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_148.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_150.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_154.tmp -> 
Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_164.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_190.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_208.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_214.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_21C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_220.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_238.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_254.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_260.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_274.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_2D4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_338.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_350.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_384.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_494.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_530.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_540.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local 
Settings\Temp\lf_568.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_5F8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_6C0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_6EC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_728.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_744.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_780.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7B0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7B4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7C0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7C8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7CC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7DC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7E0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7E4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and 
Settings\Stephanie\Local Settings\Temp\lf_7E8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7EC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7F0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7F4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7FC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_834.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_84.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_84C.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_85C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_88.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8B4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8C.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8D4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8DC.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A40.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A8.tmp -> Downloader.Agent.wp : Cleaned with backup 
C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_AC.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B70.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_BC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_C0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_C4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_CC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_DC.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E08.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E4.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_EC.tmp -> Downloader.Agent.wp : Cleaned with backup 
C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F0.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F78.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F8.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F80.tmp -> Downloader.Dluca.ci : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_FD4.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\uninstall.exe -> Adware.VMN : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~200813.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~201134.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~224408.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~228852.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~24624.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~25015.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~271015.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~273211.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~273593.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~273986.tmp -> Downloader.Wintool.d : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~280804.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local 
Settings\Temp\~314539.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~315504.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~327193.tmp -> Downloader.Wintool.d : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~333655.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~334338.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~337391.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~339046.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~339654.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~341473.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~343759.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~344552.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~345407.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~352096.tmp -> Downloader.Wintool.d : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~352367.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~367597.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~373936.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~374158.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\Stephanie\Local Settings\Temp\~392595.tmp -> Adware.Wintol : Cleaned with backup C:\Documents and Settings\ Quote Link to post Share on other sites
magnolia25 Posted June 8, 2006

ewido cont.
AntiSpyware\Quarantine\F190399F-B0E7-4AE8-8302-051A45\472EA997-95FD-40C8-B9A4-C89976 -> Adware.SideFind : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F190399F-B0E7-4AE8-8302-051A45\72EE742D-C026-42BF-8E0F-3E5398 -> Adware.SideFind : Cleaned with backup C:\Program Files\Seekmo\seekmo.exe -> Adware.180Solutions : Cleaned with backup C:\Program Files\Seekmo\seekmohook.dll -> Adware.Zango : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP605\A0068167.exe -> Downloader.Dluca.ci : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP610\A0068252.dll -> Adware.BHO : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP610\A0068282.dll -> Adware.BHO : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP616\A0068503.exe -> Adware.VMN : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP618\A0068730.exe -> Downloader.Dluca.ci : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP620\A0069754.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP622\A0069842.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP627\A0069914.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070113.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070433.exe -> Downloader.Dluca.ci : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070457.dll -> Adware.BHO : Cleaned with backup C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070484.dll -> Adware.BHO : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070886.dll -> Adware.Comet : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup::Report End Quote Link to post Share on other sites
Steamhead Posted June 11, 2006

Hello magnolia25, sorry for the delay.

Let's get right to it then, you may want to print this out.

STEP 1:

Please open HJT and place a check next to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe
O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install
O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe

Close all open browsers and click on "Fix Checked"

STEP 2:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\System32\scjsxc.exe
c:\program files\common files\system\ms2src.exe
C:\WINDOWS\System32\xoljxnef.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

STEP 3:

I'd like to see an uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

STEP 4:

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Now please post a new HJT log along with the Panda Activescan log and the uninstall list
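An added example, not part of the thread and not HijackThis's own code: one way to check a follow-up HijackThis log against the entries listed in STEP 1 above. The function names and the FOLLOW_UP sample are assumptions; the sample is constructed and keeps one entry alive in different letter case to show why lines are normalized before comparison.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), then " - ", then the entry text. Header lines and the
# "Running processes:" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")

# The nine entries listed in STEP 1 of the post above.
TARGETS = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe
O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install
O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe
"""

# Constructed follow-up excerpt (not the user's real scan). The last line is a
# STEP 1 entry that survived the fix and is reported with different casing.
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MS2SRC] C:\Program Files\Common Files\System\ms2src.exe /install
"""


def normalize(line):
    """Return a comparison key for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # Paths change case between scans and empty values leave stray whitespace
    # after "=", so compare case-folded text with collapsed spaces.
    body = re.sub(r"\s+", " ", body).strip().casefold()
    return f"{section} - {body}"


def parse_entries(log_text):
    """Map normalized key -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = normalize(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(targets_text, new_log_text):
    """Return the target lines that still appear in the follow-up log."""
    targets = parse_entries(targets_text)
    remaining = parse_entries(new_log_text)
    return [orig for key, orig in targets.items() if key in remaining]


def diff_logs(old_log_text, new_log_text):
    """Return (removed, added) entry lines between two scans."""
    old, new = parse_entries(old_log_text), parse_entries(new_log_text)
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


if __name__ == "__main__":
    for line in verify_fix(TARGETS, FOLLOW_UP):
        print("STILL PRESENT:", line)
```

An entry that disappears from the log only shows the registry value is gone; the file it pointed to can still be on disk, which is why the thread also asks for a scanner report.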
magnolia25 Posted June 14, 2006

I can't delete these 3 files on Killbox-

C:\WINDOWS\System32\scjsxc.exe
c:\program files\common files\system\ms2src.exe
C:\WINDOWS\System32\xoljxnef.exe

msg comes up "PendingFileRenameOperations Registry Data has been Removed by External Process!"

Does this mean I can't finish the fix? Oh yeah..and I never saw any "PendingFileRenameOperations prompt" except for this angry one up here and I also downloaded missingfilesetup and no change-
Steamhead Posted June 14, 2006

I was afraid of that. Please finish the fix without the Killbox part. I'd like to see that Panda log, the uninstall list, and a new HJT log please.

Edited June 14, 2006 by Steamhead
magnolia25 Posted June 14, 2006

Here's the biz
Steamhead Posted June 15, 2006

Hello magnolia25

Let's get down and dirty shall we? Once again you will want to print this out so you will have it with you at all times.

STEP 1:

Download and install CleanUp!

NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files (if present)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
It may ask you to log-off/reboot at the end, if it does please do so.

STEP 2:

It seems that you have or once had Limewire. This comes bundled with malware, and if you still have it is probably how you became infected in the first place. If you still have it I advise you to remove it.

Please go to Start > Control Panel > Add/Remove Programs and find LimeShop. Highlight it and click on Change/Remove. Also remove "Seekmo Search Assistant". This is malware.

STEP 3:

We will need to remove some files manually in Safe Mode. Please reboot your computer and continually tap F8 as it is starting up. Select Safe Mode with the arrow keys and press Enter.

We need to view your hidden files and folders. In Windows Explorer (to get there right-click your Start button and go to "Explore"), click on Tools > Folder Options > click on the View tab > click on "show hidden files and folders". Click apply.

Using Windows Explorer please delete these files (if present):

C:\Documents and Settings\Stephanie\Favorites\Fun & Games
C:\Documents and Settings\Stephanie\Application Data\Lycos
c:\windows\STWSI
C:\WINDOWS\System32\scjsxc.exe
c:\program files\common files\system\ms2src.exe
C:\WINDOWS\System32\xoljxnef.exe

and folders

c:\program files\Seekmo

After that, Reboot.

STEP 4:

Please run a new Panda Activescan and a new Ewido scan. Post those logs and a new HJT log. How's your computer running?
magnolia25 Posted June 20, 2006

Steamhead

did the clean up, and now I can't remove limeshop. I get an error msg "ERROR: could not execute Main: the system cannot find the file specified." Do you want me to just continue anyways with the safe mode thing?
Steamhead Posted June 21, 2006

yes please continue
magnolia25 Posted June 24, 2006

here's my homework-Steamhead
Steamhead Posted June 27, 2006

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now let's see one more Ewido log and one more Panda log. These should be the last ones! Thank you.
Matt Posted July 11, 2006

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.
Steamhead Posted July 27, 2006

Topic Reopened via User Request.
==============================
Can I see a new HijackThis log please